rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-06-04T03:24:33
Updated: 2024-08-04T11:06:09.537Z
Reserved: 2020-03-13T00:00:00
Link: CVE-2020-10548
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-06-04T04:15:13.087
Modified: 2024-11-21T04:55:33.637
Link: CVE-2020-10548
Redhat
No data.